Administration Guide

Set domain mappings

If you plan to use the user domain for RADIUS server selection, you must create mappings for the desired domains. First make sure that you have added the RADIUS Server profiles. Then, choose one or more RADIUS servers per domain to authenticate users who connect through a specific domain.

If more than one RADIUS server is entered for a single domain, FortiNAC sends the authentication request to the first server in the list whose domain matches the user's domain. If that RADIUS server does not recognize the user, FortiNAC sends the request to the next server in the list with a matching domain, and so on until the user is authenticated. If one of the servers does not respond at all, FortiNAC sends the request to the next server in the list.

If you have users that do not log in through the domain but need to be authenticated by one of your RADIUS servers, you can enter Domain Mappings with a blank domain field.

Note

If you map RADIUS servers to a blank domain, the Primary and Secondary servers will never be used because anyone logging in without domain information will match the blank domain.

RADIUS servers mapped to domains take precedence over all other RADIUS server settings.

Note

You must use the Fully Qualified Domain Name or the server will not be able to authenticate users connecting to the network.

Add mapping

  1. Click System > Settings.
  2. Expand the Authentication folder and click RADIUS.
  3. The RADIUS Server Defaults and RADIUS Domain Mappings windows display.
  4. In the RADIUS Domain Mappings window click Add.
  5. Enter the Fully Qualified Domain Name to be used for authentication. For example, bbc.com or myuniversity.edu. Users can then log in with any of the following user name formats:
    • User@FQDN (bob@bbc.com)
    • FQDN\User (bbc.com\bob)
  6. Select the RADIUS Server profile name from the drop-down list.
  7. Your changes are saved automatically.
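
The selection order described above (domain match, ordered failover, blank domain) can be modelled in a few lines of Python. This is an added example, not Fortinet code or part of the original guide: the profile names and server responses are constructed, and sending users whose domain has no mapping to the Primary and Secondary servers is an assumption.

```python
# Model of the server selection order this page describes; not FortiNAC code.
ACCEPT, REJECT, TIMEOUT = "accept", "reject", "timeout"

def split_domain(username):
    """Return (user, domain) for User@FQDN or FQDN\\User; domain is "" if absent."""
    if "\\" in username:
        domain, user = username.split("\\", 1)
        return user, domain
    if "@" in username:
        user, domain = username.rsplit("@", 1)
        return user, domain
    return username, ""

def candidate_servers(username, mappings, defaults):
    """Server profiles that would be tried for this user name, in order."""
    _, domain = split_domain(username)
    if domain in mappings:  # mappings take precedence; key "" is the blank domain
        return list(mappings[domain])
    return list(defaults)   # assumption: no matching mapping -> Primary, Secondary

def authenticate(username, mappings, defaults, send):
    """Try candidates in order, moving on after a reject or no response."""
    user, _ = split_domain(username)
    tried = []
    for server in candidate_servers(username, mappings, defaults):
        tried.append(server)
        if send(server, user) == ACCEPT:
            return server, tried
    return None, tried

# Constructed sample data: profile names and responses are illustrative only.
MAPPINGS = {"bbc.com": ["radius-a", "radius-b"], "myuniversity.edu": ["radius-edu"]}
DEFAULTS = ["primary", "secondary"]
RESPONSES = {("radius-a", "bob"): REJECT, ("radius-b", "bob"): ACCEPT,
             ("radius-b", "carol"): ACCEPT}  # radius-a never answers for carol

def fake_send(server, user):
    return RESPONSES.get((server, user), TIMEOUT)

if __name__ == "__main__":
    for name in ("bob@bbc.com", "bbc.com\\carol", "alice"):
        print(name, authenticate(name, MAPPINGS, DEFAULTS, fake_send))
    # A blank-domain mapping captures every login without domain information.
    with_blank = {**MAPPINGS, "": ["radius-guest"]}
    print("alice ->", candidate_servers("alice", with_blank, DEFAULTS))
```

Running a planned mapping table through `candidate_servers` before entering it shows which logins a blank-domain entry would divert away from the Primary and Secondary servers.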

Delete mapping

  1. Click System > Settings.
  2. Expand the Authentication folder and click RADIUS.
  3. The RADIUS Server Defaults and RADIUS Domain Mappings windows display.
  4. In the RADIUS Domain Mappings window select the mapping to be removed.
  5. Click Delete.
